For what it's worth, if a stranger needed to borrow my phone, I'd dial the number myself and put it on speaker. This would reduce the chance of them running off, and also prevent most of the scams and schemes listed below, yet still allow me to be a good Samaritan to someone with a genuine need.
–
aslumDec 21 '12 at 16:11

It wouldn't prevent the premium rate dial scheme if there was someone there to answer.
–
DelvarWorldDec 24 '12 at 20:57

@DelvarWorld: Hopefully, you would notice that it's a premium number.
–
SLaksDec 24 '12 at 21:38

10 Answers
10

Use it to dial a premium rate number owned by the group. In the UK, 09xx numbers can cost up to £1.50 per minute, and most 09xx providers charge around 33%, so a five minute call syphons £5 into the group's hands. If you're a good social engineer, you might only have a 10 minute gap between calls as you wander around a busy high-street, so that's £15 an hour (tax free!) - almost triple minimum wage.

Use it to send premium rate texts. The regulations on there are tighter, but if you can get a premium rate SMS number set up, you can charge up to £10 per text. A scammer would typically see between £5 and £7 of that, after the provider takes a cut. It's also possible to set up a recurring cost, where the provider sends you messages every day and charges you up to £2.50 for each one. By law the service provider must automatically cancel it if they send a text sayin STOP, but every extra message you send gains you money.

Set up an app in the app store, then buy it on peoples' phones. This can be very expensive for the victim, since apps can be priced very high - some up to £80. In-app purchases also work. This is precisely why you should be prompted for your password on every app purchase and in-app purchase, but not all phones do so!

Install a malicious app, such as the mobile Zeus trojan. This can then be used to steal banking credentials and email accounts. This seems to be gaining popularity on Android phones.

Bullet point #1: I have found my true calling.
–
ThomasDec 21 '12 at 10:15

+1 for the first two points, as the OP assumes that they "dial a number and do whatever, and hang up". I know whatever is broad, but I'm assuming that is akin to talk to or listen to the call, and not Install arbitrary software.
–
Joshua DrakeDec 21 '12 at 19:27

4

+1 Appears to be the only real attempt at answering this. Also, your picture is perfect for your "hat".
–
Byte56Dec 21 '12 at 19:35

1

When I ran into some bad charges on my PAYG phone, it was very difficult to dispute them. It may be easier on contract, but I don't know. It's a YMMV thing. As far as links go, I don't have any atm (I'm using my tablet right now) but I can try to dig some yup later.
–
PolynomialDec 22 '12 at 12:25

Some mobile networks in the world allow users to transfer prepaid balances from one account to another. Alternatively, they might send some sort of incriminating SMS from your phone which may cause you issues with law enforcement officer.

While detonating a bomb or EMP would be the most harmful, I think the following scenarios are much more likely to happen.

If you have a smartphone, it's very likely you have some kind of weather widget on the homescreen which tells the attacker what is your hometown.
Also, I yet have to see a smartphone without news widget, which again, tells the attacker what kind of person you are. Are you following a finance news? Sport? IT? The very same thing can be done by just looking at your installed apps. Do you have any games? Which ones? Do you have any kind of booking apps? Does this kind of app keeps any sort of history? Well, in short, within just few second attacker can make pretty reliable profile of you.
Do you have anykind of notebook app? What have you written in it?

The second threat is... Well, most likely you just gave him full access to all of your e-mail accounts and with a few presses on the screen, he could forward all of your mails to his account.

The last thing which I can remember are pranks. While this doesn't sound like anything danger, it can be really unpleasantly. The attacker could send to a random contact of opposite sex SMS - "Hey, I'm thinking about you...". Just imagine if this random contact is your wife's friend (now, the scenario of detonating nuclear weapon is not so scary, isn't it?). Or even more explicit message to a contact saved as your family member (e.g. Mother).
He could also update your Facebook status, leave a message on a Twitter or upload some of your private photos to a public service.

they could then create a backup of your device, they could analyse already created backups, they could download all of your saved data, media etc and use this to further penetrate other areas of interest.

I highly doubt a terrorist would borrow someone else's phone, leaving their DNA and fingerprints all over the device, and have a member of the public see their face. Especially when you can buy a cheap pay-as-you-go phone, top it up with cash, use it once, then throw it in a river.
–
PolynomialDec 21 '12 at 10:20

Why was this answer voted down to -1 while Mike Scott's very similar one was at +3?
–
Dan NeelyDec 21 '12 at 14:33

Because someone was having a bad day and no humour/imagination.
–
PhilDec 21 '12 at 15:47

2

@DanNeely - because providing the very same answer as already posted shouldn't be encouraged. While Mike's answer is not likely to happen and it's more of a joke, it's still has a point.
–
StupidOneDec 21 '12 at 20:36